The Future of GRC in the AI-Hype World
How AI will change our practices, for best (mostly) and for worse (a bit). Start embracing AI to automate the bureaucratic parts of GRC to focus on our human plus value.
GRC in Practice
Learn how to get engineering teams to listen, make executives care about your recommendations, and build influence that goes beyond compliance theater. For pros who want to drive decisions.
Security Questionnaires Aren't Making Anyone Safer
Security questionnaires are a soul-crushing bureaucratic charade that wastes everyone's time, kills business momentum, and miraculously manages to make security worse in the process.
Beyond Compliance
The ultimate rant against compliance theatre and checkmarkism.
Security Needs Data: Insights From the Data Breach Investigation Report
Reviewing the Data Breach Investigation Report for a source of credible data about the real cyber threats we must worry about.
How to Balance Security and Privacy?
Considering the balance between security and privacy, my experience as a security specialist has taught me that privacy is now integral to building effective security tools